Acy­ber­at­tack em­ploy­ing ran­somware in mid-Jan­uary crip­pled cloud-based ser­vices pro­vided by Allscripts, one of the na­tion’s largest elec­tronic health records ven­dors. The Chicago-based com­pany said ser­vices to 1,500 health­care or­ga­ni­za­tions—pri­mar­ily small physi­cian group prac­tices—were in­ter­rupted for sev­eral days. It re­ported that all ser­vices were fully re­stored to all cus­tomers on Jan­uary 26. Cus­tomers vented their anger on so­cial me­dia, and one class ac­tion law­suit al­ready has been filed against the com­pany. Allscripts’ prob­lems be­gan Jan­uary 18 when a vari­ant of the SamSam mal­ware af­fected two data cen­ters host­ing its Pro EHR sys­tem and the elec­tronic pre­scrib­ing of con­trolled sub­stances soft­ware. In com­mu­ni­ca­tions with cus­tomers the next day, Allscripts said it was at­tempt­ing to “re­store both the di­rectly af­fected ser­vices—hosted Pro EHR and hosted EPCS—and the other un­af­fected ser­vices that we proac­tively shut down to pro­tect clients and client data.” North­well Health, a 22-hos­pi­tal de­liv­ery sys­tem in New York, was af­fected by the Allscripts breach, al­though a com­pany spokesman con­tends the im­pact on the or­ga­ni­za­tion was min­i­mal. “When we learned of the at­tack, we dis­con­nected from data cen­ters as a pre­cau­tion­ary mea­sure,” he says. “We lost e-pre­scrib­ing for con­trolled sub­stances, but other sys­tems were se­cure and never at risk.” Dur­ing the out­age, the New York Amer­i­can Col­lege of Emer­gency Physi­cians ad­vised its 2,300 mem­bers they were al­lowed to use “pa­per of­fi­cial pre­scrip­tions” un­til ser­vices are re­stored. Le­gal ac­tion against Allscripts be­gan al­most as soon as the at­tack was fully re­solved. Surf­side Non-Sur­gi­cal Ortho­pe­dics in Boyn­ton Beach, Fla., filed a class ac­tion com­plaint, charg­ing Allscripts with fail­ing to se­cure its sys­tems and data from cy­ber­at­tacks, prevent­ing clients from con­duct­ing rou­tine and or­di­nary busi­ness.